Blog

LinkedIn forced to pause mentioned in the news feature in Europe after complaints about ID mix-ups

LinkedIn has been forced to ‘pause’ a feature in Europe in which the platform emails members’ connections when they’ve been ‘mentioned in the news’.

This follows a number of data protection complaints after LinkedIn’s algorithms incorrectly matched members to news articles — triggering an internal review of the feature. LinkedIn told us it subsequently decided to suspend the feature in Europe.

The LinkedIn help center currently displays the following European caveat regarding the feature:

At this time, members in Designated Countries (including European Union, European Economic Area, Switzerland) may receive notifications when their connections and members they follow in other regions are mentioned (subject to member settings), but we do not send Mentioned in the News notifications that relate to members based in Designated Countries. We continue to evaluate coverage of additional regions, and encourage members to share relevant articles from their homepage.

The decision to pause processing appears as a case study in the ‘Technology Multinationals Supervision’ section of an annual report published today by the Irish Data Protection Commission (DPC). Although the report does not explicitly name LinkedIn — but we’ve confirmed it is the professional social network in question.

We reached out to LinkedIn with questions and it pointed us to this blog post where it confirms: “We are pausing our Mentioned in the News feature for our EU members while we reevaluate its effectiveness.”

LinkedIn adds there that it’s reviewing the accuracy of the feature, writing:

As referenced in the Irish Data Protection Commission’s report, we received useful feedback from our members about the feature and as a result are evaluating the accuracy and functionality of Mentioned in the News for all members.

The blog post also points users to a page where they can find out more about the ‘mentioned in the news’ feature, and get information on how to manage their LinkedIn email notification settings.

In the DPC report, the watchdog cites “two complaints about a feature on a professional networking platform” after LinkedIn incorrectly associated the members with media articles that were not actually about them.

“In one of the complaints, a media article that set out details of the private life and unsuccessful career of a person of the same name as the complainant was circulated to the complainant’s connections and followers by the data controller,” the DPC writes, noting the complainant initially complained to the company itself but did not receive a satisfactory response — hence taking up the matter with the regulator.

“The complainant stated that the article had been detrimental to their professional standing and had resulted in the loss of contracts for their business,” it adds.

“The second complaint involved the circulation of an article that the complainant believed could be detrimental to future career prospects, which the data controller had not vetted correctly.”

LinkedIn appears to have been matching members to news articles by simple name matching — with obvious potential for identity mix-ups between people with shared names.

“It was clear from the complaints that matching by name only was insufficient, giving rise to data protection concerns, primarily the lawfulness, fairness and accuracy of the personal data processing utilised by the ‘Mentions in the news’ feature,” the DPC writes.

However a LinkedIn spokesman told us there is an algorithm involved in matching members to media articles — which he said is based on technology LinkedIn acquired when it bought machine learning startup Newsle back in 2014.

He also pointed to a LinkedIn help centre article, where the company acknowledges the imperfect capabilities of the feature — writing: “While this algorithm is good, it’s not perfect. It’s a good idea to check that the person or organization in an article is the same person or organization you’re following. If you see any news item associated with the wrong person or organization (or any offensive or inappropriate content in a news item), please report it by clicking the Wrong Person or Wrong Organization flag.”

It’s not clear how LinkedIn can tweak an imperfect matching algorithm to ensure it doesn’t attract similar complaints in future if it gets identities mixed up again. The DPC notes only that it decided to suspend the feature “pending improvements to safeguard its members’ data”.

It’s not the first privacy black mark against LinkedIn in Europe.

Late last year, in its early annual report, on the pre-GDPR portion of 2018, the Irish DPC revealed it had investigated complaints about LinkedIn related to it targeting non-users with adverts for its service.

The DPC found the company had obtained emails for 18 million people for whom it did not have consent to process their data. In that case LinkedIn agreed to cease processing the data entirely.

That complaint also led the DPC to audit LinkedIn. It then found a further privacy problem, discovering the company had been using its social graph algorithms to try to build suggested networks of compatible professional connections for non-members.

The regulator ordered LinkedIn to cease this “pre-compute processing” of non-members’ data and delete all personal data associated with it prior to GDPR coming into force.

In its latest annual report, covering May 25 to December 31 last year — and published today — the Irish DPC also records it has an open investigation of LinkedIn following a GDPR complaint related to the lawful basis it is using for processing personal data in the context of behavioural analysis and targeted ads on its platform.

This report was updated with a correction; LinkedIn was not ordered to suspend the feature by the DPC, as we originally reported but chose to do so following a review it carried out of the feature. We also included additional context from LinkedIn regarding the matching algorithm used to power the feature. In a further update we included details of the Irish DPC’s open investigation into LinkedIn’s legal basis for processing personal data for targeted ads and behavioral analysis